Intelligent Alarm Qualification in a Fraud Management System

Most leading rule-based Fraud Management Systems are based on a relatively simple process…. When an event (or series of events) occurs, the record associated with the event is processed in the FMS.  If the event breaks a rule in the FMS – perhaps because it is unusual for the customer, unusually long duration, unusually expensive or is one of a very high number of calls – an alarm is fired and that alarm is sent to the alarm page so that the fraud analyst can see it in their workstack and hopefully take prompt action to deal with the case.

The reality of course is that, in many instances, the alarm is competing with perhaps hundreds or thousands of other alarms for the attention of the analyst.  So, which is the most important alarm in the stack?  Well, as we know, most FMS systems will have a scoring system so that the alarms with the highest score will appear at the top of the stack.

Typically, when rules are built, they are given a score which reflects their “potential” severity, relative to other alarms.  Weird and wonderful algorithms are then used in the background to build a consolidated score for an alarm based on a combination of these various scores for each rule breach, bearing in mind that alarms usually comprise a combination of several rule breaches.

So a $50 call to an Adult entertainment line may have breached all of the following rules, each having a score associated with that breach:-

  • High Value Call to a Premium Rate Service
  • Long Duration Call to a Premium Rate Service
  • High Value Call to ANY number
  • Out of Hours Call

On the face of it, this seems a sensible solution.  However, there are three flaws with this methodology:-

  1. The scoring provided for a rule breach (alert) is arbitrarily/subjectively assigned at the time the rule is written
  2. Once the score is associated with the rule, it is unlikely it will be changed until a thorough rules review is conducted, which could be months/years later
  3. No consideration is given to the “actual” ruling that was subsequently assigned to the alarm.

But what if the score could change dynamically based on the history of ACTUAL rulings made by analysts, rather than remaining static, based on the POTENTIAL severity of the situation.

So, for example, if a particular set of rule breaches appear to be high risk but actually rarely result in a fraud, then surely over time, the score associated with that “event” should reduce.  Likewise, if a low score alarm always results in a fraud ruling, the score should automatically be enhanced the next time the system sees the same, or similar, behaviours.

In other words, the system learns from experience over time.  The more alarms that analysts rule correctly, the more accurately the score reflects the likelihood of that alarm being fraudulent or not.  It won’t reduce the number of false alarms, but it will ensure that the alarms most likely to be fraudulent will appear at the top of the list and be dealt with quicker than those that are known to be less risky…. And that means losses due to fraud are reduced.

Subex has been running this system for several years now.  It is known as Intelligent Alarm Qualification (IAQ) and – wherever it is deployed – the results have been excellent.  We have a benchmark which follows the Pareto Principle (the 80:20 Rule).  This means that customers who let IAQ score the alarms should find 80% of their fraud in the top 20% of their alarm stack.  The results in 95% of cases achieve this benchmark – and in the vast majority of cases, exceed it.

Of course, it relies on the fact that analysts do rule alarms as FRAUD or NOT FRAUD regularly, and it also assumes that such rulings are usually correct.  But as long as that is happening, as it is in most operations, then it is Happy Days!

To get more information about IAQ or to find out more about Subex Fraud products please click here.

Get started with Subex
Request Demo Contact Us
Request a demo